Towards adaptive false alarm reduction using Cloud as a Service

Yuxin Meng, Wenjuan Li, Lam For Kwok

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

6 Citations (Scopus)

Abstract

False alarms are a challenging issue for an intrusion detection system (IDS), which can significantly decrease the effectiveness of detection and heavily increase the burden on analyzing true alarms. With the advent of cloud computing, it is a big chance to mitigate this problem in such a promising environment. In our previous work, we proposed to construct an intelligent false alarm filter by selecting an appropriate algorithm in an adaptive way, whereas the additional workload may be an issue for implementation. In this paper, we begin by presenting a Generic Cloud-based Intrusion Detection Architecture (GCIDA) and we then propose a cloud-based solution to improve the false alarm reduction and reduce the workload using Cloud as a Service (CaaS). In addition, we also describe the procedures and the interactions between the Cloud nodes and the Cloud providers. Experimental results indicate that CaaS can provide sufficient computing power and greatly reduce the workload of adaptive false alarm reduction.

Original language: English
Title of host publication: 2013 8th International ICST Conference on Communications and Networking in China, CHINACOM 2013 - Proceedings
Pages: 420-425
Number of pages: 6
Publication status: Published - 2013
Externally published: Yes
Event: 2013 8th International ICST Conference on Communications and Networking in China, CHINACOM 2013 - Guilin, China
Duration: 14 Aug 2013 to 16 Aug 2013

Publication series

Name: 2013 8th International ICST Conference on Communications and Networking in China, CHINACOM 2013 - Proceedings

Conference

Conference: 2013 8th International ICST Conference on Communications and Networking in China, CHINACOM 2013
Country/Territory: China
City: Guilin
Period: 14/08/13 to 16/08/13

Keywords

  • Cloud as a Service
  • Cloud Environment
  • False Alarm Reduction
  • Intrusion Detection
  • Network Performance

ASJC Scopus subject areas

  • Computer Networks and Communications
